Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa
File:                     3138352e33342e322e302f32332d3233203d3e203336323336.roa (raw, json)
Hash identifier:          UaRzcEP+El1BvCLbpid8kLEVVU9hYb4Agt2+TjHgN2g=
Subject key identifier:   12:20:A1:E0:33:EE:F7:10:B7:B6:74:BF:10:76:D2:A9:79:43:06:27
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       3412488C71B0C306C3D422C7B310396B6889C555
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa
Signing time:             Thu 21 Sep 2023 18:51:05 +0000
ROA not before:           Thu 21 Sep 2023 18:46:05 +0000
ROA not after:            Thu 19 Sep 2024 18:51:05 +0000
asID:                     36236
IP address blocks:        185.34.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:12:48:8c:71:b0:c3:06:c3:d4:22:c7:b3:10:39:6b:68:89:c5:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep 21 18:46:05 2023 GMT
            Not After : Sep 19 18:51:05 2024 GMT
        Subject: CN=1220A1E033EEF710B7B674BF1076D2A979430627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:91:64:4a:92:c9:c3:0e:f6:aa:bc:ee:a9:8b:
                    c4:1f:83:36:c1:e1:0e:ba:32:f2:1e:24:97:72:e7:
                    77:6f:05:ff:e3:1e:b8:0e:4b:64:ba:a7:f6:5b:70:
                    03:79:58:1a:c2:f4:3a:90:4a:a9:97:23:d1:8d:1d:
                    2c:d5:c5:d6:31:1d:5e:bd:d1:d5:5b:d3:d4:53:8f:
                    fc:0a:a9:6e:b9:fa:43:6d:d3:11:78:b4:5a:64:e8:
                    2b:58:b8:37:8b:33:95:8d:6f:75:eb:ce:7c:d0:e8:
                    bb:7c:7b:38:11:b8:03:9c:0f:15:c1:40:18:fa:d4:
                    b2:65:b6:cf:c6:cf:44:77:74:f1:17:3f:4b:bd:d7:
                    16:b4:3c:f4:0a:53:14:a6:7b:a3:fc:c1:ac:4c:04:
                    00:19:09:bc:1b:48:0f:07:94:23:69:b8:d0:0a:6b:
                    61:96:ad:99:1d:e0:95:92:43:c2:49:e3:90:cd:38:
                    28:7f:23:bf:a3:f5:43:79:b0:cf:fc:f4:aa:a5:8e:
                    8c:09:05:9d:69:95:70:7f:c5:7f:71:39:0a:56:df:
                    f1:13:0e:59:fe:b0:17:81:31:8c:5d:66:82:8f:f2:
                    39:06:ef:53:fd:d5:80:62:03:12:fe:fb:11:59:b9:
                    32:35:a9:77:21:1c:07:56:10:07:93:d3:17:7a:77:
                    ee:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:20:A1:E0:33:EE:F7:10:B7:B6:74:BF:10:76:D2:A9:79:43:06:27
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:88:cf:8b:e8:aa:06:ce:70:29:dc:b7:e6:51:77:da:2a:d1:
         9b:41:c3:d4:99:49:44:a9:83:ec:48:ff:f8:47:8d:0a:74:45:
         09:f2:4a:01:71:b4:92:fa:5b:68:d7:ab:45:fd:61:de:06:89:
         7d:38:39:95:3d:56:b7:00:45:87:b2:ee:28:8f:62:96:6c:03:
         fb:dc:66:63:5b:d0:cc:10:d2:ce:ea:8e:63:87:c2:c3:d4:d6:
         87:f3:b0:19:e3:61:e6:f4:95:61:cd:2a:da:fe:99:7c:aa:05:
         b3:e1:a6:a3:2c:41:49:77:91:f0:14:d9:6c:38:7c:f6:ea:98:
         d3:64:f2:46:9c:0c:39:ce:cc:e7:c9:97:1b:b2:7e:6a:ea:2f:
         39:2a:18:55:80:65:3c:9f:89:09:ff:a7:7c:a1:50:53:03:92:
         5b:1e:9e:79:7e:ec:dc:f6:59:7c:63:f1:f8:2d:87:df:b5:1c:
         0c:a6:0f:72:61:28:9e:e1:c2:7e:51:2d:e9:67:e9:41:cd:1e:
         02:14:00:37:99:bd:ec:dc:3a:bd:ec:6a:12:94:0c:61:c6:53:
         06:ba:34:1a:d7:ce:d8:8c:a9:74:3b:13:4a:4a:54:a9:c3:19:
         8d:b8:22:f9:91:82:19:50:10:e1:39:28:de:4f:a0:2f:27:cb:
         4a:2c:f4:d4
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUNBJIjHGwwwbD1CLHsxA5a2iJxVUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA5MjExODQ2MDVaFw0yNDA5MTkxODUxMDVaMDMxMTAvBgNV
BAMTKDEyMjBBMUUwMzNFRUY3MTBCN0I2NzRCRjEwNzZEMkE5Nzk0MzA2MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMkWRKksnDDvaqvO6pi8QfgzbB
4Q66MvIeJJdy53dvBf/jHrgOS2S6p/ZbcAN5WBrC9DqQSqmXI9GNHSzVxdYxHV69
0dVb09RTj/wKqW65+kNt0xF4tFpk6CtYuDeLM5WNb3XrznzQ6Lt8ezgRuAOcDxXB
QBj61LJlts/Gz0R3dPEXP0u91xa0PPQKUxSme6P8waxMBAAZCbwbSA8HlCNpuNAK
a2GWrZkd4JWSQ8JJ45DNOCh/I7+j9UN5sM/89KqljowJBZ1plXB/xX9xOQpW3/ET
Dln+sBeBMYxdZoKP8jkG71P91YBiAxL++xFZuTI1qXchHAdWEAeT0xd6d+4XAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUEiCh4DPu9xC3tnS/EHbSqXlDBicwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMyMmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEAbkiAjANBgkqhkiG9w0BAQsFAAOCAQEAL4jPi+iqBs5w
Kdy35lF32irRm0HD1JlJRKmD7Ej/+EeNCnRFCfJKAXG0kvpbaNerRf1h3gaJfTg5
lT1WtwBFh7LuKI9ilmwD+9xmY1vQzBDSzuqOY4fCw9TWh/OwGeNh5vSVYc0q2v6Z
fKoFs+GmoyxBSXeR8BTZbDh89uqY02TyRpwMOc7M58mXG7J+auovOSoYVYBlPJ+J
Cf+nfKFQUwOSWx6eeX7s3PZZfGPx+C2H37UcDKYPcmEonuHCflEt6WfpQc0eAhQA
N5m97Nw6vexqEpQMYcZTBro0GtfO2IypdDsTSkpUqcMZjbgi+ZGCGVAQ4Tko3k+g
LyfLSiz01A==
-----END CERTIFICATE-----